<?php
/*

Version 0.1
SEMF - Web Designing Framework for Sport Event Management
Copyright (C) 2006, SEMF Developers

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

*/
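// Request parameters. Every value read here is supplied by the client.
// Going through isset() avoids undefined-index notices when a field is
// absent and still leaves the variable null, which the isset() checks
// further down depend on.
$project_name = isset($_GET["project_name"]) ? $_GET["project_name"] : null;
$project_dir = isset($_GET["project_dir"]) ? $_GET["project_dir"] : null;
$from_url = isset($_GET["from_url"]) ? $_GET["from_url"] : null;

// Optional message displayed in the form's error area.
$error_msg = isset($_GET["msg"]) ? $_GET["msg"] : null;

$admin_name = isset($_POST["admin_name"]) ? $_POST["admin_name"] : null;
$admin_password = isset($_POST["admin_password"]) ? $_POST["admin_password"] : null;

// NOTE(review): $semf_root is expected to be set by an including script.
// If this file can be requested directly on a server with register_globals
// enabled, the value could come from the request and would then steer the
// include below - confirm that configuration is not in use.
if(!isset($semf_root))
{
	$semf_root="../";
}

include_once($semf_root."core/lib/login_util.php");

// The login form posts the project fields back to this script, so fall back
// to the POST body when the query string did not carry them.
if(!isset($project_name))
{
	$project_name = isset($_POST["project_name"]) ? $_POST["project_name"] : null;
	$project_dir = isset($_POST["project_dir"]) ? $_POST["project_dir"] : null;
	$from_url = isset($_POST["from_url"]) ? $_POST["from_url"] : null;
}

// NOTE(review): $project_dir is request-supplied and is not validated before
// it becomes part of the path handed to get_database_info(). It should be
// checked against the set of known project directories so a request cannot
// select which configuration (and therefore which database) is used.
$db_info = get_database_info($semf_root.$project_dir);

$db_name = $db_info["db_name"];
$db_server = $db_info["db_server"];
$db_password = $db_info["db_password"];

if(!isset($project_name)) //then it is a mistake to come here..
{
	go_2_home();
	// Stop here. The successful-login path calls exit() after the same
	// createSubmitPage() helper, so without this the script would carry on
	// into the credential check and render the login form as well.
	exit();
}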

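if(isset($admin_name))
{
	// A username was posted: check the credentials against System_Administrator.
	// NOTE(review): the connection uses the MySQL 'root' account; a dedicated
	// low-privilege account would limit the impact of any query flaw.
	$link = mysql_connect($db_server, 'root', $db_password);
	if($link)
	{
		if(!mysql_select_db($db_name))
		{
			mysql_close($link);
			go_2_home();
			// Do not fall through to the query when no database is selected.
			exit();
		}

		// Both values come straight from the POST body, so they are escaped
		// before being placed inside the quoted SQL literals. When
		// magic_quotes_gpc is active the slashes it added are removed first,
		// otherwise the values would be escaped twice and valid credentials
		// containing quotes or backslashes would stop matching.
		$sql_name = $admin_name;
		$sql_password = $admin_password;
		if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
		{
			$sql_name = stripslashes($sql_name);
			$sql_password = stripslashes($sql_password);
		}

		// NOTE(review): passwords are compared as unsalted MD5 digests; moving
		// to a salted, slow password hash needs a schema/data migration and is
		// out of scope for this block.
		$query = "SELECT id FROM System_Administrator WHERE ".
					"name = '". mysql_real_escape_string($sql_name, $link)."' and ".
					"password = md5('". mysql_real_escape_string($sql_password, $link)."')";

		$result = mysql_query($query, $link);
		if(!$result)
		{
			// Keep the statement (which embeds the submitted password) and the
			// driver error out of the response; record only the driver error.
			error_log("login.php: administrator lookup failed: ".mysql_error($link));
			mysql_close($link);
			die("Error in query");
		}

		if(mysql_num_rows($result) == 0)
		{
			//log in failed..
			$error_msg = "Log in failed..";
		}
		else
		{
			if($row = mysql_fetch_row($result))
			{
				$id = $row[0];
				$user_token = login($id, $admin_name, $admin_password);

				// Default to the control panel when no return page was given.
				// The original test, isset($from_url) && $from_url == NULL,
				// only matched an empty string and sent a missing from_url to
				// the bare $semf_root path instead.
				if(!isset($from_url) || $from_url == NULL)
				{
					$url = "../control_panel/index.php";
				}
				else
				{
					// NOTE(review): $from_url is request-supplied and the page
					// it names receives the fresh user_token; restrict it to a
					// list of known pages under $semf_root.
					$url = $semf_root.$from_url;
				}

				$args = array("project_name"=> $project_name,
								"project_dir"=> $project_dir,
								"user_token"=> $user_token);
				createSubmitPage($url, $args, false);
				mysql_close($link);
				exit();
			}
		}
		mysql_close($link);
	}
}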

/**
 * Send the visitor to the main index page, one directory above this script.
 *
 * Hands off to createSubmitPage() with no form fields. This function does
 * not itself end the request.
 */
function go_2_home()
{
	// Nothing needs to be carried over to the index page.
	$no_fields = array();
	createSubmitPage("../index.php", $no_fields, false);
}

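/**
 * Return the session token for an administrator, issuing a new one when the
 * stored token is older than the session limit.
 *
 * Uses the currently open default MySQL connection.
 *
 * @param mixed  $id        Row id from System_Administrator (coerced to int).
 * @param string $user_name Administrator name, used when deriving a new token.
 * @param string $password  Submitted password, used when deriving a new token.
 * @return string|null The stored token if still fresh, otherwise the new one.
 */
function login($id, $user_name, $password)
{
	//check whether the user token is expired..
	// NOTE(review): $SESSION_LIMIT is presumably assigned by this include. As
	// include_once runs the file only once per request, the variable would be
	// missing in this scope if the file was already included elsewhere -
	// confirm against the callers.
	include_once("lib/SEMF_consts.php");

	// The id is placed unquoted into SQL, so force it to an integer first.
	$id = (int) $id;

	// Defaults for the no-row case: a zero timestamp counts as expired, which
	// is what the original did implicitly through undefined variables.
	$timeStamp = 0;
	$user_token = null;

	$query = "SELECT timeStamp, userToken FROM System_Administrator ";
	$query .= "WHERE id = ".$id;

	$result = mysql_query($query);
	if(!$result)
	{
		// Log the driver error server-side instead of echoing SQL to the client.
		error_log("login.php: token lookup failed: ".mysql_error());
		die("Error in query");
	}
	if(mysql_num_rows($result) >  0)
	{
		$row = mysql_fetch_row($result);
		$timeStamp = $row[0];
		$user_token = $row[1];
	}

	if(time() - $timeStamp > $SESSION_LIMIT * 60)
	{
		//just invalidate the session and create a new token..
		// NOTE(review): the token is an MD5 over name, current time and the
		// password. It is not random, and a leaked token permits offline
		// guessing of the password; a token drawn from a CSPRNG would be
		// preferable.
		$timestamp = time();
		$user_token = md5($user_name.":".$timestamp.$password);
		$query = "UPDATE System_Administrator SET userToken = '".$user_token."', ".
												"timeStamp = '".$timestamp. "' ".
												"WHERE id = ".$id;

		$result = mysql_query($query);
		if(!$result)
		{
			// This statement embeds the new token, so it must not reach the response.
			error_log("login.php: token update failed: ".mysql_error());
			die("Error in query");
		}
	}

	return $user_token;
}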

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
<link href="../lib/style.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="../icons/semf.ico" />
</head>
<body>
<div id="upbg"></div>
<div id="outer">
  <div id="header">
    <div id="headercontent">
      <h1>SEMF<sup>1.0</sup></h1>
      <h2>Web development framework </h2>
    </div>
  </div>
  <div id="headerpic"></div>
  <div id="content">
    <!-- Normal content: Stuff that's not going to be put in the left or right column. -->
    <div id="normalcontent">
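      <h3><strong>Administrator login </strong> <span>for <span class="style5">Project <?php echo htmlspecialchars($project_name, ENT_QUOTES, 'ISO-8859-1');?></span></span></h3>
      <div class="contentarea">
        <!-- Normal content area start -->
        <!-- Normal content area end -->
        <form method="post" action="login.php">
          <div id="login">
            <?php
// The project fields originate from the request and are written into
// single-quoted attributes, so they are HTML-escaped with ENT_QUOTES. The
// charset argument matches the iso-8859-1 encoding declared in the page head.
echo "\n";
echo "\t<input type='hidden' name='project_name' value='".htmlspecialchars($project_name, ENT_QUOTES, 'ISO-8859-1')."'/>\n";
echo "\t<input type='hidden' name='project_dir' value='".htmlspecialchars($project_dir, ENT_QUOTES, 'ISO-8859-1')."'/>\n";
echo "\t<input type='hidden' name='from_url' value='".htmlspecialchars($from_url, ENT_QUOTES, 'ISO-8859-1')."'/>\n";
echo "\t";
?>
            Username
            <input type="text" class="new" maxlength="40" name="admin_name" value="<?php echo htmlspecialchars($admin_name, ENT_QUOTES, 'ISO-8859-1');?>" />
            Password
            <?php /* The submitted password is deliberately not written back into the page. */ ?>
            <input type="password" class="new" maxlength="40" name="admin_password" value=""/>
            <input type="submit" class="submit" value="Login" />
          </div>
        </form>
        <?php /* $error_msg may come from the "msg" query parameter, so it is escaped as well. */ ?>
        <div class="error"> <?php echo htmlspecialchars($error_msg, ENT_QUOTES, 'ISO-8859-1'); ?> </div>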
      </div>
    </div>
  </div>
  <div id="footer">
    <div class="left">&copy; 2007 SEMF developers</div>
    <div class="right"></div>
  </div>
</div>
</body>
</html>
